Security
Protected Next.js areas
How to create new pages and routes that are protected.
Protected Next.js pages and API routes
- The app_admin folder is only accessible to application admins. Hence all pages which start with the route app_admin are only accessible to app admins.
- The dashboard route, setting routes, and organization routes are all only accessible to logged in users.
- Other pages are public.
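The access rules listed above, written as a pure function that a middleware check or a unit test could call. This is an added example, not the project's own code; it assumes the route names are the first URL path segment and uses a hypothetical user object with an isAppAdmin flag.

```javascript
// Added example. Assumption: the route names from the list above are the
// first path segment of the request URL.
const ADMIN_SEGMENTS = new Set(["app_admin"]);
const USER_SEGMENTS = new Set(["dashboard", "setting", "organization"]);

// Returns the minimum role a path requires: "admin", "user" or "public".
function requiredRole(pathname) {
  if (typeof pathname !== "string" || !pathname.startsWith("/")) return "admin";
  let decoded;
  try {
    // The URL parser resolves "." and ".." segments (including %2e forms);
    // the host is a placeholder and is never contacted.
    const normalized = new URL("http://placeholder.invalid" + pathname).pathname;
    decoded = decodeURIComponent(normalized);
  } catch {
    return "admin"; // malformed input: fail closed
  }
  // filter(Boolean) drops empty segments, so "//app_admin" still matches.
  const first = decoded.split("/").filter(Boolean)[0] ?? "";
  // Compare whole segments, case-insensitively: "/app_administrator" is a
  // different route, while "/APP_ADMIN" is treated as protected to be safe.
  const segment = first.toLowerCase();
  if (ADMIN_SEGMENTS.has(segment)) return "admin";
  if (USER_SEGMENTS.has(segment)) return "user";
  return "public";
}

// user is null when logged out, else { isAppAdmin: boolean } (hypothetical shape).
function canAccess(pathname, user) {
  const role = requiredRole(pathname);
  if (role === "public") return true;
  if (!user) return false;
  return role === "user" || user.isAppAdmin === true;
}
```

Matching on whole path segments after normalization keeps the check from diverging from what the router resolves, and unparseable paths are denied instead of being treated as public.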
Creating new pages
- To create pages only accessible to logged in users, create them within the (authenticated-pages)/(user-pages) folders. This will make them available to all logged in users, including app_admins.
- To create pages only accessible to app_admin users, create them within the (authenticated-users)/(app_admin) folder.
- (external-pages) are available to logged out users as well.
- (login-pages) should contain all authentication related pages such as login, signup etc.
Access control on Supabase functions
How to control access to your Supabase functions.
Row Level Security
Row Level Security (RLS) is a feature in PostgreSQL that provides the ability to control which users can SELECT, INSERT, UPDATE, or DELETE which rows in a table. It adds an additional layer of security in multi-user database environments and is crucial for protecting sensitive data.